From: Jim Youll <jim(_at_)media(_dot_)mit(_dot_)edu>
...
but is it as much as most people claime? I don't think so. My guess
is that perhaps 10% of what most people claim is "forged" spam really
is. 10% of all of the spam in the world implies a "heck of a lot of
blowback and other noise. Do you have any evidence that your heck of
a lot of forged spam is the majority or even a large fraction of spam?
...
10% would still be a pretty big number.
That's what I said.
If you create a mechanism that doesn't account for forgeries, then
forgeries will increase.
If you mean real forgeries, then there are laws and there have
been convictions. See http://news.com.com/2100-1023-249758.html
http://www.spamlaws.com/
and http://archive.salon.com/tech/feature/2000/04/19/state_spam/
I absolutely don't believe that spammers are not forging because
they have some fear of law enforcement over a small matter of
technology...
It certainly seems to me that forgery is involved in a far smaller
fraction of spam today than several years ago. What's your explanation.
considering that their "products" are often themselves
illegal scams. More likely, mailers that reject unmatched forward/reverse
DNS are responsible for any changes there.
There's an unsubtle difference between obvious, undeniable header forgery
on 30,000,000 copies of spam and selling spamware or herbal v***** that
for all anyone can readily prove might do what the spammer claims.
Obvious, undeniable header forgery would be putting your or CERT's
address on every copy of a 30,000,000 target spew. That would create
bounce problems large enough for you or CERT to interest the courts,
as it did for Flowers.com. See
http://www.google.com/search?q=%22flowers.%2Bcom%22+spam
A spammer putting your or CERT's address on a 10, 100, or even 1000
copies won't do more than make you or CERT angry. It's very unlikely
to cause any real harm, and so the cops will have trouble justifying
spending the time and money to hire someone who can spell "email" or
tell the court that you were terribly damaged. For better or worse,
courts tend to ignore some laws involving what they consider "victimless
crimes." To get a flavor of that problem, talk to people with experience
in TCPA actions (junk fax or telephone solicitation). It's common
for judges to ignore the law when no significant harm was done.
(I'm not talking about how things ought to be, but how they are.)
Flogging "untraceable" spamware or pills to make your "tool" bigger
is also petty enough to escape attention most of the time.
Vernon Schryver vjs(_at_)rhyolite(_dot_)com
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg